Comments on TaoSecurity Blog: Be the Caveman
Richard Bejtlich

Anonymous (2007-10-13T03:19:00-04:00):

Anonymous said:
>anyone who says "this attack could never bring down a machine" or
>"the web server gets hit with this stuff all the time" hasn't been
>involved with an enterprise scanning operation for long.

ummmm - have you read Richard's stuff much? I suspect he's been at least a little involved with enterprise scanning for at least a little while

Anonymous (2007-10-04T13:15:00-04:00):

I think it's worth differentiating between Richard's comments on <B>external</B> scanning and Marcin's, which seem to be directed toward scanning on the company network in general. There are thousands of DoS-type attacks daily against our internet-facing servers, but rarely inside the company. It seems reasonable to prohibit the security team from running these types of attacks/scans.

Also, anyone who says "this attack could never bring down a machine" or "the web server gets hit with this stuff all the time" hasn't been involved with an enterprise scanning operation for long. As Joe mentioned above, there are all kinds of side effects that you'd never expect. I've seen "run of the mill" scanning activity take down an external server against everyone's expectations due to very minor differences in the type of check that the vendor had provided us with (vs. that which was circulating in the wild).

At the end of the day, it doesn't matter how "delicate" or "insecure" a security geek thinks the network is--it's the job of the security professional to remediate vulnerabilities while maintaining network availability, and any security professional who would rather score points by taking out their own network probably shouldn't be employed for long.

Unknown (2007-10-01T10:44:00-04:00):

Thanks for linking to that! Excellent article, in fact, one of the better ones I've read in some time from InformationWeek!

Marcin (2007-09-29T03:15:00-04:00):

<B><I>PS: If I hear one more time that "scanning is too dangerous for our network" I will officially Lose It. Scanning of external systems happens 24x7.</I></B>

hahaha, Me and you both. I said the same thing in my post on PCI requirements. If a tool you've downloaded has been tested on a lab network and audited for backdoors, there should be no qualms about scanning prod systems. ;)

<I>I hate hearing the words “We don’t scan against production.” Frankly, I don’t care to either. There’s just something annoying about, “If you bring down production with your tests, you’re dead meat/fired/a goner.” Well, if your production environment was built properly, you shouldn’t have this problem. People who say this are likely responsible for the most delicate, insecure network or system around. Seriously.</I> -- <A HREF="http://www.tssci-security.com/archives/2007/09/16/more-on-ambiguous-security-standards/" REL="nofollow">More on ambiguous security standards</A>

Joe (2007-09-29T00:08:00-04:00):

It's funny. You wouldn't believe how many devices get screwed up by internal nmap or qualys scans. Brocade Silkworms would lock up because of a telnet bug. HP JetDirect printers would print PAGES of garbage until power cycled or out of paper.

One admin asked me to halt the scans because it was causing his Brocade switches to lock up. I gave him 2 weeks to test and deploy software updates. I then reminded him that just because it's "internal" does not mean it's safe.

John Ward (2007-09-28T22:38:00-04:00):

Rich,

Doesn't that continue to promote the negative stereotype that cavemen are dumb... I mean they did discover fire for us. For shame ;)